Skip to content

github.com/golang/mock contain vulnerable crypto package #394

Description

@k3v3n

Are there any plan to remove that archive lib to fix vulnerable package

github.com/DataDog/datadog-go/v5@v5.8.3
  └── github.com/golang/mock@v1.6.0
        └── golang.org/x/mod@v0.4.2
              ├── golang.org/x/crypto@v0.0.0-20191011191535
              │     └── golang.org/x/net@v0.0.0-20190404232315
              │           └── golang.org/x/crypto@v0.0.0-20190308221718  ← the one you're seeing
              └── golang.org/x/tools@v0.0.0-20191119224855
                    └── golang.org/x/net@v0.0.0-20190620200207
                          └── golang.org/x/crypto@v0.0.0-20190308221718  ← same

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions